
I think my system is infected



The log file from one of the infected flash drives:

 
 
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 2.8.3.24 / DB: 2013.12.8.1 / Windows 7 <<<
 
 
10/12/2013 10:09:18 > Drive E: - scan started (no label ~3689 MB, FAT32 flash drive )...
 
 
 
---> Executing generic S&D routine... Searching for files hidden by malware...
 
 
---> Items to process: 18
 
---> E:Exposer de little mix.odg > unhidden.
 
---> E:gh.odt > unhidden.
 
---> E:Technologie devoir informatique tracy.odt > unhidden.
 
---> E:Technologie devoir informatique.odt > unhidden.
 
---> E:Exposer sur beyonce en section europenne.odt > unhidden.
 
---> E:Tracy Cornet.docx > unhidden.
 
---> E:Exposer sur beyonce en section europenne ;.odt > unhidden.
 
---> E:Présentation1.ppt > unhidden.
 
---> E:Exposer de PHOBE TONIK.odg > unhidden.
 
---> E:LETTRE DE ANCIEN COMBATANTRS.pdf > unhidden.
 
---> E:reperes-histoires-geo-2013-1.pdf > unhidden.
 
---> E:Liste-pôles-5-11-2013.pdf > unhidden.
 
---> E:CONSIGNE POUR REUSSIR LES DIFFERENTS EVALUATIONS DU STAGE.pdf > unhidden.
 
---> E:Le personnel du laboratoire de Melun est constitué.doc > unhidden.
 
---> E:LE LABO.doc > unhidden.
 
---> E:Infections urinaire.doc > unhidden.
 
---> E:Jessica Parker Kennedy.docx > unhidden.
 
---> E:Devoir maison ( Biographie sur Jean - Jacque ROUSSEAU).rtf > unhidden.
 
 
 
 
---> Note: paranoid mode is enabled.
 
 
>>> E:Exposer de little mix.lnk - Malware > Deleted. (13.12.10. 10.09 Exposer de little mix.lnk.836880; MD5: a787d774711c770430033e18d04d0e02)
 
>>> E:gh.lnk - Malware > Deleted. (13.12.10. 10.09 gh.lnk.691703; MD5: b3ab26a256584a602d298a830b4da941)
 
>>> E:Technologie devoir informatique tracy.lnk - Malware > Deleted. (13.12.10. 10.09 Technologie devoir informatique tracy.lnk.409124; MD5: aa7af9608f3406d73b42eaecb989886b)
 
>>> E:Technologie devoir informatique.lnk - Malware > Deleted. (13.12.10. 10.09 Technologie devoir informatique.lnk.178234; MD5: 3f438eed40e236fdbfd809f5fc467524)
 
>>> E:Exposer sur beyonce en section europenne.lnk - Malware > Deleted. (13.12.10. 10.09 Exposer sur beyonce en section europenne.lnk.930290; MD5: 30b3dc00f9a2d71dd28fca07290c28a5)
 
>>> E:Tracy Cornet.lnk - Malware > Deleted. (13.12.10. 10.09 Tracy Cornet.lnk.126654; MD5: d82a7ec55d79870b800b2cc428e96432)
 
>>> E:Exposer sur beyonce en section europenne ;.lnk - Malware > Deleted. (13.12.10. 10.09 Exposer sur beyonce en section europenne ;.lnk.331370; MD5: e90bcd78253af904656ea1d7379fb938)
 
>>> E:Présentation1.lnk - Malware > Deleted. (13.12.10. 10.09 Présentation1.lnk.467953; MD5: 664ba4ab72320961c10ea1fa299bc451)
 
>>> E:Exposer de PHOBE TONIK.lnk - Malware > Deleted. (13.12.10. 10.09 Exposer de PHOBE TONIK.lnk.510733; MD5: 425d8754c5ea4f49708fa85b5fd73c6b)
 
>>> E:LETTRE DE ANCIEN COMBATANTRS.lnk - Malware > Deleted. (13.12.10. 10.09 LETTRE DE ANCIEN COMBATANTRS.lnk.441780; MD5: bf07b05e33f23752b3f59c4d02a01412)
 
>>> E:reperes-histoires-geo-2013-1.lnk - Malware > Deleted. (13.12.10. 10.09 reperes-histoires-geo-2013-1.lnk.71476; MD5: a2324b2c22df16015932273543c121a6)
 
>>> E:Liste-pôles-5-11-2013.lnk - Malware > Deleted. (13.12.10. 10.09 Liste-pôles-5-11-2013.lnk.205827; MD5: 4642ebe8604107b1d91e7a9b054eff3d)
 
>>> E:CONSIGNE POUR REUSSIR LES DIFFERENTS EVALUATIONS DU STAGE.lnk - Malware > Deleted. (13.12.10. 10.09 CONSIGNE POUR REUSSIR LES DIFFERENTS EVALUATIONS DU STAGE.lnk.666895; MD5: ad2c1faee9d18a8c197cacd8e1eca976)
 
>>> E:Le personnel du laboratoire de Melun est constitué.lnk - Malware > Deleted. (13.12.10. 10.09 Le personnel du laboratoire de Melun est constitué.lnk.408324; MD5: 45fbe4ef30bab30deacdf1e0a2362f2d)
 
>>> E:LE LABO.lnk - Malware > Deleted. (13.12.10. 10.09 LE LABO.lnk.525315; MD5: 76088b10fe2fa30e512bc01a600e2727)
 
>>> E:Infections urinaire.lnk - Malware > Deleted. (13.12.10. 10.09 Infections urinaire.lnk.236657; MD5: 8db5613ddfd48ac994889aa4bb2e59e6)
 
>>> E:Jessica Parker Kennedy.lnk - Malware > Deleted. (13.12.10. 10.09 Jessica Parker Kennedy.lnk.817811; MD5: dcaf80ffeea8034a2a8b4724b3020ac4)
 
>>> E:Devoir maison ( Biographie sur Jean - Jacque ROUSSEAU).lnk - Malware > Deleted. (13.12.10. 10.09 Devoir maison ( Biographie sur Jean - Jacque ROUSSEAU).lnk.28344; MD5: 4fb0ce8c9f869c1f91c3350c9607e87c)
 
>>> E:Autorun.inf.lnk - Malware > Deleted. (13.12.10. 10.09 Autorun.inf.lnk.193484; MD5: a214e0feff4b5f4f9bd0311e547e25a1)
 
>>> E:Google Stehep images.lnk - Malware > Deleted. (13.12.10. 10.09 Google Stehep images.lnk.147664; MD5: cde2f1476b9497597373c683653fd7c8)
 
>>> E:Musique de l'ordinateur.lnk - Malware > Deleted. (13.12.10. 10.09 Musique de l'ordinateur.lnk.583325; MD5: b2ad0554fb5172eedc6338203b44cb5d)
 
>>> E:video.lnk - Malware > Deleted. (13.12.10. 10.09 video.lnk.791190; MD5: 4ebc60fa76db37034659cb1021b320ec)
 
>>> E:image.lnk - Malware > Deleted. (13.12.10. 10.09 image.lnk.679512; MD5: 0e55f69ccb8f6fe0ea02b549f740c73c)
 
>>> E:Collège Frédéric Chopin.lnk - Malware > Deleted. (13.12.10. 10.09 Collège Frédéric Chopin.lnk.437383; MD5: 10b38e52a5e8e4edc2dd0b09c53edb7a)
 
>>> E:Justin Bieber - Beauty And A Beat ft.lnk - Malware > Deleted. (13.12.10. 10.09 Justin Bieber - Beauty And A Beat ft.lnk.226085; MD5: 20cfcbe1f10a03144e2581dcd8771f1c)
 
> Resetting attributes: E:Autorun.inf < Successful.
 
> Resetting attributes: E:Google Stehep images < Successful.
 
> Resetting attributes: E:Musique de l'ordinateur < Successful.
 
> Resetting attributes: E:video < Successful.
 
> Resetting attributes: E:image < Successful.
 
> Resetting attributes: E:Collège Frédéric Chopin < Successful.
 
 
=> Malicious files   : 25/25 deleted.
=> Hidden folders    : 6/6 unhidden.
=> Hidden files      : 18/18 unhidden.
 
____________________________________________
 
::::: Scan duration: 14sec :::::::::::::::::
____________________________________________
 

Another log from an infected flash drive:

 
 
MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
 
>>> v 2.8.3.24 / DB: 2013.12.8.1 / Windows 7 <<<
 
 
10/12/2013 10:29:28 > Drive E: - scan started (USB DISK ~14771 MB, FAT32 flash drive )...
 
 
 
---> Executing generic S&D routine... Searching for files hidden by malware...
 
 
---> Items to process: 8
 
---> E:osiris.PNG > unhidden.
 
---> E:aménophis IV.PNG > unhidden.
 
---> E:fiche revisions type.odt > unhidden.
 
---> E:louvre vue aerienne.PNG > unhidden.
 
---> E:parcours 1e étage.png > unhidden.
 
---> E:parcours rdc.PNG > unhidden.
 
---> E:Nouveau Texte OpenDocument.odt > unhidden.
 
---> E:fiche élève essai 1.odt > unhidden.
 
 
 
 
---> Note: paranoid mode is enabled.
 
 
>>> E:osiris.lnk - Malware > Deleted. (13.12.10. 10.29 osiris.lnk.362515; MD5: 775ead546b8063358c859de9fa190ac3)
 
>>> E:aménophis IV.lnk - Malware > Deleted. (13.12.10. 10.29 aménophis IV.lnk.905754; MD5: a8921fbf2f4cd24a133aa70a65abed73)
 
>>> E:fiche revisions type.lnk - Malware > Deleted. (13.12.10. 10.29 fiche revisions type.lnk.810125; MD5: c28d89a39caeed57cff073fde8923d6a)
 
>>> E:louvre vue aerienne.lnk - Malware > Deleted. (13.12.10. 10.29 louvre vue aerienne.lnk.267651; MD5: 4914599e8dd188d9e425787d72c6b56f)
 
>>> E:parcours 1e étage.lnk - Malware > Deleted. (13.12.10. 10.29 parcours 1e étage.lnk.285285; MD5: 4ce5c3628dc4d638a31fd4b8b7400064)
 
>>> E:parcours rdc.lnk - Malware > Deleted. (13.12.10. 10.29 parcours rdc.lnk.730917; MD5: 02b2070e23f57688912bafd3a9e660e0)
 
>>> E:Nouveau Texte OpenDocument.lnk - Malware > Deleted. (13.12.10. 10.29 Nouveau Texte OpenDocument.lnk.483103; MD5: 90d6384bed23a1ef19383a38931d484d)
 
>>> E:fiche élève essai 1.lnk - Malware > Deleted. (13.12.10. 10.29 fiche élève essai 1.lnk.885266; MD5: 480688280abf5a93af4be68f39991537)
 
>>> E:BREVET des COLLEGES.lnk - Malware > Deleted. (13.12.10. 10.29 BREVET des COLLEGES.lnk.678778; MD5: c21f84ec21d3def6c7a857ad7c686e05)
 
>>> E:5è.lnk - Malware > Deleted. (13.12.10. 10.29 5è.lnk.734459; MD5: 12062926fa5faf3a022ac7b83af1a737)
 
>>> E:Lib.lnk - Malware > Deleted. (13.12.10. 10.29 Lib.lnk.111957; MD5: f223621296d0a3e8d128153b50cc1a8f)
 
>>> E:.fseventsd.lnk - Malware > Deleted. (13.12.10. 10.29 .fseventsd.lnk.770341; MD5: b909e5696967540e9fd5a871ed42abae)
 
>>> E:3ème.lnk - Malware > Deleted. (13.12.10. 10.29 3ème.lnk.60770; MD5: 112f251c3258170da4c8a5d0012339b8)
 
>>> E:6è GEO de la POP M.lnk - Malware > Deleted. (13.12.10. 10.29 6è GEO de la POP M.lnk.411986; MD5: 6192ce24ff08c129f3cee8c51a644fcf)
 
>>> E:LABO H-G.lnk - Malware > Deleted. (13.12.10. 10.29 LABO H-G.lnk.856874; MD5: cca278360fdcece26815dd2e92d43e56)
 
>>> E:3è3  PP.lnk - Malware > Deleted. (13.12.10. 10.29 3è3  PP.lnk.755166; MD5: fc941686ec54d18332a73230107acfb4)
 
>>> E:.Trashes.lnk - Malware > Deleted. (13.12.10. 10.29 .Trashes.lnk.460954; MD5: 402e2f6725659e1d44e063ff1090e276)
 
>>> E:programmations HG.lnk - Malware > Deleted. (13.12.10. 10.29 programmations HG.lnk.717492; MD5: bc7e7807b331a7e789ba2544c07b2052)
 
>>> E:.Spotlight-V100.lnk - Malware > Deleted. (13.12.10. 10.29 .Spotlight-V100.lnk.213457; MD5: 2ec4b954295d059a3db4c74a485f1334)
 
>>> E:outils de PROGR COLLEGE.lnk - Malware > Deleted. (13.12.10. 10.29 outils de PROGR COLLEGE.lnk.354589; MD5: 96d3aa4e01d1c96c6ec63455d61b6dfd)
 
>>> E:Turquie (Cappadoz).lnk - Malware > Deleted. (13.12.10. 10.29 Turquie (Cappadoz).lnk.914883; MD5: 4e07935dade325afc9c21c4858f6932d)
 
>>> E:Camera.lnk - Malware > Deleted. (13.12.10. 10.29 Camera.lnk.748847; MD5: 76bdf7406055f0bbde8687d58c8d3ad9)
 
>>> E:doc à imprimer.lnk - Malware > Deleted. (13.12.10. 10.29 doc à imprimer.lnk.346092; MD5: cea32289e93bcccf6ba84ad2fd1801ba)
 
>>> E:Histoire de l'art.lnk - Malware > Deleted. (13.12.10. 10.29 Histoire de l'art.lnk.290914; MD5: 7af4290997463c38357b318509ec5ee1)
 
>>> E:DP3.lnk - Malware > Deleted. (13.12.10. 10.29 DP3.lnk.705715; MD5: d6573df13f55ed41cd269ad1e9e9510d)
 
>>> E:ADMINISTRATIF CLG Chopin.lnk - Malware > Deleted. (13.12.10. 10.29 ADMINISTRATIF CLG Chopin.lnk.274362; MD5: adab6637c95d81cdce9bab8efd30d875)
 
>>> E:.lnk - Malware > Deleted. (13.12.10. 10.29 .lnk.774613; MD5: 42085be463987b0383171e64e79e96b2)
 
>>> E:OpenOffice.org.lnk - Malware > Deleted. (13.12.10. 10.29 OpenOffice.org.lnk.257547; MD5: 081211aceac999fad238fe96643f48c1)
 
> Resetting attributes: E:BREVET des COLLEGES < Successful.
 
> Resetting attributes: E:5è < Successful.
 
> Resetting attributes: E:Lib < Successful.
 
> Resetting attributes: E:.fseventsd < Successful.
 
> Resetting attributes: E:3ème < Successful.
 
> Resetting attributes: E:6è GEO de la POP M < Successful.
 
> Resetting attributes: E:LABO H-G < Successful.
 
> Resetting attributes: E:3è3  PP < Successful.
 
> Resetting attributes: E:.Trashes < Successful.
 
> Resetting attributes: E:programmations HG < Successful.
 
> Resetting attributes: E:.Spotlight-V100 < Successful.
 
> Resetting attributes: E:outils de PROGR COLLEGE < Successful.
 
> Resetting attributes: E:Turquie (Cappadoz) < Successful.
 
> Resetting attributes: E:Camera < Successful.
 
> Resetting attributes: E:doc à imprimer < Successful.
 
> Resetting attributes: E:Histoire de l'art < Successful.
 
> Resetting attributes: E:DP3 < Successful.
 
> Resetting attributes: E:ADMINISTRATIF CLG Chopin < Successful.
 
 
=> Malicious files   : 28/28 deleted.
=> Hidden folders    : 18/18 unhidden.
=> Hidden files      : 8/8 unhidden.
 
____________________________________________
 
::::: Scan duration: 21sec :::::::::::::::::
____________________________________________

Log from MBAM:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.12.10.01
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16428
admin :: S_8W7-14 [administrator]
 
10/12/2013 10:21:15
mbam-log-2013-12-10 (10-21-15).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 2134557
Time elapsed: 32 minute(s), 37 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
SC771070VADMINperso.ConfigApplication DataIminentMediator (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
SC771070VADMINperso.ConfigApplication DataIminentMediatorDatas (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
U:.ConfigApplication DataIminentMediator (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
U:.ConfigApplication DataIminentMediatorDatas (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
 
Files Detected: 68
SC771070VADMINperso.ConfigApplication DataUutqtk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
U:.ConfigApplication DataUutqtk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:UserslyesilbasAppDataLocalTempDIQgoogle-sketchup_027DomaIQ.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserslyesilbasAppDataLocalTempDIQgoogle-sketchup_027DomaIQ10.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserslyesilbasAppDataLocalTempDIQgoogle-sketchup_027OfferBrokerage_14003.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:UserslyesilbasAppDataLocalTempDIQgoogle-sketchup_027setup__120.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:UsersabensaidDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersadiakiteDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersadialloDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersakachikovDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersamartonDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersamoreauDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersaoulddahmaneDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersapotierDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersatavernierDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersbdumasDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersbkabaDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersbmagneDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:Usersbmagne.CHOPINDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersbturgutDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserschamousinDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserscnsanguDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserscsantanaDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserscvarinDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersczannierDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersdcauganDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersdjachimowiczDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersdkeslaniDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersensomiDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersfbikoutaDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersfhamelDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersfkocyigitDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsershtimeraDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsershunalDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersibargishevDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersihassouniDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersizeghoudiDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersjalvesDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserslprevilleDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserslwoloszynDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserslyesilbasDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersmabossanDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersmancelinDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersmankouriDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersmchastelDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersmdejesusDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersmjabriDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersnabbasDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersnlachgarDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersozhouDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersqleloirDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersqmbuaDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersrambolletDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersrbouguedidaDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersrwansiangaDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserssbangouraDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserssdiakiteDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserssyakutDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserstcornetDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserstmallaliDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersvleleuxDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersvmartonDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UsersvpongeDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:UserswsimonDownloadsgoogle-sketchup.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
SC771070VADMINperso.ConfigApplication DataIminentMediatorDatasglobalcache.dat (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
SC771070VADMINperso.ConfigApplication DataIminentMediatorDatasuser.dat (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
U:.ConfigApplication DataIminentMediatorDatasglobalcache.dat (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
U:.ConfigApplication DataIminentMediatorDatasuser.dat (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
 
(end)
 

Good work - evidently MBAM managed to clean the profile folders of the other accounts (but I assume only there - it cannot clean every single Windows installation - each machine has to be scanned separately for that).

That leaves the HitmanPro log.

As for MCShield 2 - it managed to fix a few things - it removed the hidden attributes from the files, so they are visible again, and it deleted the shortcuts that lead to malicious content.

Just in case, now that the system is immunized, you can check them with the installed antivirus program (a scan from the context menu on the flash drive's partition, with virus definitions updated beforehand).
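
Both MCShield logs above show the same pattern: every hidden file or folder is shadowed by a same-named `.lnk` shortcut. The following is an added example, not part of the original thread and not MCShield's own code: it parses a log in that format, pairs each deleted shortcut with the item it imitated, and lists shortcuts that match nothing and therefore deserve a manual look. The sample log, its file names and the function name `analyse_mcshield_log` are constructed for illustration.

```python
import re

# Constructed sample in the format of the MCShield logs quoted in this thread.
# File names are invented and the MD5 values are placeholders.
SAMPLE_LOG = r"""
---> Items to process: 2
---> E:\essay.odt > unhidden.
---> E:\map.PNG > unhidden.
---> Note: paranoid mode is enabled.
>>> E:\essay.lnk - Malware > Deleted. (13.12.10. 10.09 essay.lnk.111111; MD5: 00000000000000000000000000000000)
>>> E:\map.lnk - Malware > Deleted. (13.12.10. 10.09 map.lnk.222222; MD5: 00000000000000000000000000000000)
>>> E:\Photos.lnk - Malware > Deleted. (13.12.10. 10.09 Photos.lnk.333333; MD5: 00000000000000000000000000000000)
>>> E:\old song.lnk - Malware > Deleted. (13.12.10. 10.09 old song.lnk.444444; MD5: 00000000000000000000000000000000)
> Resetting attributes: E:\Photos < Successful.
=> Malicious files   : 4/4 deleted.
=> Hidden folders    : 1/1 unhidden.
=> Hidden files      : 2/2 unhidden.
"""

# The backslash after the drive letter is optional because the logs as quoted
# on this page have lost it ("E:gh.odt").
DRIVE = r"[A-Za-z]:\\?"
FILE_RE = re.compile(r"^---> " + DRIVE + r"(?P<name>.+?) > unhidden\.$")
FOLDER_RE = re.compile(r"^> Resetting attributes: " + DRIVE + r"(?P<name>.+?) < Successful\.$")
LNK_RE = re.compile(r"^>>> " + DRIVE + r"(?P<name>.*?\.lnk) - Malware > Deleted\.")
TOTAL_RE = re.compile(r"^=> (?P<kind>[\w ]+?)\s*: (?P<done>\d+)/\d+ ")


def analyse_mcshield_log(text):
    """Correlate deleted .lnk decoys with the hidden items they imitated."""
    files, folders, lnks, totals = [], [], [], {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := FILE_RE.match(line):
            files.append(m["name"])
        elif m := FOLDER_RE.match(line):
            folders.append(m["name"])
        elif m := LNK_RE.match(line):
            lnks.append(m["name"])
        elif m := TOTAL_RE.match(line):
            totals[m["kind"]] = int(m["done"])

    # Expected decoy name for each hidden item. In the logs above a file
    # "X.ext" is shadowed by "X.lnk" and a folder "X" by "X.lnk".
    # FAT32 names are case-insensitive, so compare lowercased.
    decoy_for = {}
    for name in files:
        decoy_for[(name.rsplit(".", 1)[0] + ".lnk").lower()] = name
    for name in folders:
        decoy_for[(name + ".lnk").lower()] = name

    deleted = {name.lower() for name in lnks}
    counted = {"Malicious files": len(lnks),
               "Hidden folders": len(folders),
               "Hidden files": len(files)}
    return {
        # shortcut -> the hidden file or folder it stood in for
        "paired": {n: decoy_for[n.lower()] for n in lnks if n.lower() in decoy_for},
        # shortcuts with no unhidden counterpart in this log
        "orphans": [n for n in lnks if n.lower() not in decoy_for],
        # hidden items for which no decoy was deleted
        "unmatched_items": [v for k, v in decoy_for.items() if k not in deleted],
        # summary lines that disagree with the parsed entries (truncated log?)
        "count_mismatches": {k: (totals[k], n) for k, n in counted.items()
                             if k in totals and totals[k] != n},
    }


if __name__ == "__main__":
    for key, value in analyse_mcshield_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
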


I'll post the HitmanPro log tomorrow. As for the Task Manager permissions, that's no problem at all. Nobody knows how to open it anyway.

Have a good evening, and thanks for the help! :)


HitmanPro log:

HitmanPro_20131212_1236.xml


I didn't do the ignore step; I had forgotten about it.


That doesn't look like the whole log file to me - please post the one from this folder:

C:\Programdata\HitmanPro\Logs

And how could you forget the ignore step... it was quite important, and now all the group policies and restrictions have been removed, I assume for all accounts!!

Otherwise, if that is all there is to the HitmanPro log, it is completely clean. :)

What remains is to run all the infected flash drives through MCShield 2 + the antivirus program, and as for the slowdown, check the links I gave, and things should stabilize. :)


Yeah, according to the HitmanPro log the restrictions have been deleted for all accounts - for every single SID; otherwise the log is clean. :)

I.e. if the slowdown continues, it is not due to malware. As for the restrictions, they have to be added again manually (but you can leave that part to the support team).

Just scan all the infected flash drives with the programs mentioned above, and then I'll tell you how to delete the tools we used.

Regards!


Thank you very much for the help. The support team finally came, and they still haven't found a way to fix it.


Final recommendations:

1. Update all outdated applications, if any are detected, using PatchMyPC

2. To clean up the things we used, do the following:

Download the following file => http://www14.zippyshare.com/v/7612626/file.html and save it in the folder from which you ran FRST.exe.

Run FRST.exe and press the Fix button once!

This will delete FRST's quarantine folder. You don't need to post the log file.

Download OTC.exe and run it. Press the CleanUp! button.
Restart the computer if it asks you to!

Download Delfix.exe and run it. Tick the box next to Remove disinfection tools (it should be ticked by default, but I'll mention it anyway) => press the Run button

The tool will delete itself once it has finished its task!

If any tools, folders or logs from the things we used remain and were not deleted by the procedures above, delete them manually.

If you have no further questions or problems, I will mark the case as SOLVED.

Regards!
